UW-IMAPD setup

Most Linux distributions simply call the package "imap" or "imapd", which is by no means a bad description, but contrary to "courier-imap" and "cyrus-imapd", you can not guess who is behind "imapd" without looking at some source files, since (SUSE's) RPM only says:

This package contains IMAP4, POP2, and POP3 mail servers.

To not put anybody on the rack, this very imapd package contains the UW-IMAPD and UW-IPOPD (as said in this page's title) from nobody else than University of Washington. (They also wrote "pine", this excellent program for internet news and email, far better than mutt.)

I have asked news:comp.mail.pine, and they have responded that the correct name is UW imapd, not WU imapd:

> btw: what's the correct name for the Washington imapd? wu-imapd? imap(d)-wu?

UW imapd.

We are the University of Washington (in Seattle, WA), not to be confused with:
* Washington State University (in Pullman, WA; sister WA state-owned school and hated football rival -- they're the cougers, we're the huskies)
* Washington University (in St. Louis, MO)
* any of the other fine institutions of higher learning with "Washington" in their name.

However, a lot of people seem to wonder why UW-imapd refuses logins, and others like qpopper (bad example, but anyway) work. The solution is simple, just take a look in (hm, SUSE specific) /usr/share/doc/packages/imap/README.SuSE which resolves the mystery right at the 2nd paragraph:

For TLS/SSL encrypted connections (you most likely want these as plain password authentication is only allowed for those) you have to install a certificate file called imapd.pem in /etc/ssl/certs. Creating ipop3d.pem for the POP3 server of the UW-IMAPD package works the same.

The build options at compile time (even in the UW imap source package!) default to disable logins when using an unencrypted channel with an unencrypted password. As README.SuSE continues, you can generate your own certificate if you do not have one:

# cd /etc/ssl/certs
# openssl req -new -x509 -nodes -out imapd.pem -keyout imapd.pem

Note that creating a certificate this way will tag it as self-signed, because both the issuer and the recipent is you. (OTOH, you can buy a certificate from e.g. Verisign for some 100 bucks.) The questions the certificate generating process asks are pretty self-explaining with the exception of "Common Name" -- enter the hostname here, for which the certificate is to be issued. "Email Address" should contain the address of the administrator who is responsible for this SSL certificate, but will in most cases be "root" or so.

You can add -days N to make the certificate valid for N days from now.